[ASA-202107-39] racket: sandbox escape
diabonas at archlinux.org
Tue Jul 20 19:30:31 UTC 2021
Arch Linux Security Advisory ASA-202107-39
Date : 2021-07-20
CVE-ID : CVE-2021-32773
Package : racket
Type : sandbox escape
Remote : Yes
Link : https://security.archlinux.org/AVG-2175
The package racket before version 8.2-1 is vulnerable to sandbox
Upgrade to 8.2-1.
# pacman -Syu "racket>=8.2-1"
The problem has been fixed upstream in version 8.2.
In Racket versions prior to 8.2, code evaluated using the Racket
sandbox could cause system modules to incorrectly use attacker-created
modules instead of their intended dependencies. This could allow system
functions to be controlled by the attacker, giving access to facilities
intended to be restricted.
Code executed in the Racket sandbox could escape its confinement
through attacker-created modules.